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(54) Network management system 

(57) A network management system for managing a 
computer network in which media switching type infra- 
structures and media sharing type infrastructures are 
combined coexistently includes a database (221) des- 
tined for network management in which correspond- 
ences established among information concerning 
physical interconnections (1010) of individual equip- 
ment (25) on the network (20), information concerning 
logical network configuration (1020) such as that of vir- 
tual network, and information concerning the users 
(1045) who make use of the network are stored, identi- 
fying means (22; 221) for identification of the individual 
equipment (25) on the network (20) and physical 
addresses (53) intrinsic to network ports, respectively 
and retrieval means (22; 50) for searching information of 
the physical addresses of the network ports with que- 
ries for the logical addresses. 
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Description 

BACKGROUND OF THE INVENTION 

[0001] The present invention relates to a network s 
management technique suited advantageously for 
employment in a network in which media sharing type 
infrastructures and media switch type infrastructures 
coexist mixedly. 

[0002] Heretofore, a router apparatus and a bridge 10 
apparatus have been widely used as the means for con- 
trolling communication traffics by dividing a network into 
a plurality of segments. Further, a high-speed/wide- 
band switch apparatus of ATM type (Asynchronous 
Transfer Mode) has also been developed and used for 75 
practical applications. As is stated in a draft of "IEEE 
802.1 q Standards" published by the institute of Electri- 
cal and Electronics Engineers (IEEE) and disclosed in 
Japanese Unexamined Patent Application Publication 
No. 130421/1997 (JP-A-9-130421) as well, it is known 20 
to implement virtual networks, i.e., logical network seg- 
ments for every network port under the control of the 
switch apparatus. However, there exist a plurality of 
standards for such virtual network systems or schemes 
which differ from one to another enterprise or from one 25 
to another industrial colleague. 
[0003] On the other hand, as a scheme or system for 
managing machines or equipment on a network, SNMP 
(Simple Network Management Protocol) prescribed in 
"Request for Comment 1907 (RFC 1907) published by 30 
the Internet Engineering Task Force (IETF) is adopted. 
With this protocol, setup statuses of the individual 
machines or equipment can be surveyed and/or altered 
on an equipment-by-equipment basis. 
[0004] Furthermore, as a method of managing infor- 35 
mation of the users who are making use of network and 
computers connected to the network by using a data- 
base, the directory services stipulated by "X.500" is 
adopted as the international standards. 
[0005] The conventional systems or schemes men- 40 
ttoned above, however, suffer problems such as enu- 
merated below. 

1) In the conventional systems known heretofore, it 
is certainly possible to implement the logical net- 45 
work segments as the virtual networks by setting 
previously the network for relaying or repeating 
packets at the switch apparatus to thereby set up 
the physical interconnection status of machines or 
equipment and the logical interconnection status so 
implemented by the virtual networks independent 
of each other. In that case, however, much difficulty 
is encountered in referencing or surveying the net- 
work configuration as a whole over a wide range 
and altering or modifying the same. ss 

More particularly, because no consideration is 
paid to the structure of a database destined for con- 
solidative management for the setup status and 



supervision of the whole virtual network realized by 
a plurality of equipment, it is extremely difficult in 
referencing or supervising and altering or modifying 
the setup status of the virtual network configuration 
and the network address structure over a plurality 
of machines or equipment 

2) Furthermore, with regard to the packaging of the 
virtual network, there have been proposed a plural- 
ity of different schemes. By way of example, for the 
asynchronous transfer mode or ATM, LAN emula- 
tion (hereinafter also referred to as the LANE) 
standardized by the standardization association 
"ATM Forum" is packaged, i.e., adopted actually. 
Furthermore, concerning the Ethernet switch appa- 
ratus, there exist various packaging schemes such 
as "VLAN Scheme" (!EEE802.1q) currently under 
discussion for the standardization by the Interna- 
tional Standardization Association "IEEE" in addi- 
tion to those which have been expanded or 
extended individually by diverse vendors. 

Now, let's suppose a network environment in 
which a plurality of virtual networks of different 
package types such as mentioned above are com- 
bined coexistent! y. In such environment, it is cer- 
tainly possible to connect mutually the virtual 
networks through the medium of the router appara- 
tus. However, the method of referencing or super- 
vising and altering the setup status of the virtual 
networks differs from one to another virtual network 
in dependence on the package types as adopted, 
involving necessity of performing the setup and 
other operations separately for each of the virtual 
networks. More specifically, when there arises the 
necessity of altering or changing the member 
equipment of the virtual network segments, it is 
required to alter the setup statuses thereof at the 
server apparatuses which are in charge of manag- 
ing the associated virtual network segments, 
respectively, or the switch apparatuses or both of 
them. 

In other words, when a plurality of virtual net- 
works of different types are combined coexistently, 
an extreme difficulty will be encountered in manag- 
ing the network as a whole while referencing or 
altering the setup statuses of the virtual networks in 
a consolidated manner at one location or station. 

3) Besides, when configuration of the logical net- 
work segment implemented by the virtual network 
and that of the physical network are grasped in 
terms of a logical network configuration as viewed 
from the standpoint a higher-rank protocol, then the 
management of the virtual network configuration 
has to be performed separately from the manage- 
ment of the logical network layers with the internet 
protocol or IP. In such network system, it is impossi- 
ble to grasp intuitively the physical equipment inter- 
connections as well as relations with and among 
the logical network configurations. Consequently, 
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when occurrence of obstacle or failure in the net- 
work system is detected, extreme difficulty will be 
involved in determining discriminatively the location 
where the failure or disturbance is taking place. 

[0006] As will now be appreciated from the foregoing, 
with the conventional techniques, it is very difficult to 
realize a means which allows a person in charge of 
managing or supervising the network system to grasp 
intuitively the configuration or structure of the network 
system as a whole by establishing or grasping simulta- 
neously correspondences among the logical network 
segment structures implemented as the virtual net- 
works, the physical network configuration realized by 
physically wiring the equipment, and the logical network 
configuration as viewed from the standpoint of higher- 
rank protocols of variety. 

SUMMARY OF THE INVENTION 

[0007] In the light of the state of the art described 
above, it is an object of the present invention to provide 
a network management technique which is capable of 
managing easily a network system which includes a plu- 
rality of virtual networks realized in accordance with dif- 
ferent schemes. 

[0008] Another object of the present invention is to 
provide a network management system implemented 
by adopting the network management technique men- 
tioned above. 

[0009] Yet another object of the present invention is to 
provide individual apparatuses required for constituting 
the above-mentioned system. 

[0010] Furthermore, it is an object of the present 
invention to provide programs for realizing the incGvidual 
apparatuses. 

[0011] In view of the above and other objects which 
will become apparent as the description proceeds, the 
present invention is directed to a network management 
system for managing a computer network in which a 
media switching type infrastructure and a media sharing 
type infrastructure are combined coexistently. 
[001 2] In the network management system mentioned 
above, it is taught according to a general aspect of the 
present invention that a database for network manage- 
ment is provided, in which correspondences are estab- 
lished among information concerning physical 
connections of equipment on the network, information 
concerning logical network configuration such as that of 
virtual network and information concerning users who 
make use of the network. 

[001 3] With the arrangement of the network manage- 
ment system mentioned above, management of the net- 
work including a plurality of virtual networks realized in 
accordance with respective schemes can be facilitated 
because the setup status of the virtual networks can be 
referenced, surveyed or altered easily in a consolidated 
manner owing to the provision of the service-destined 



database which is capable of storing the information 
concerning the physical interconnections of network 
equipment, the information concerning the logical vir- 
tual network configuration and the user information. 

5 [0014] In a preferred mode for realizing the network 
management system according to the general aspect of 
the present invention described above, there may be 
provided a display unit which is capable of displaying 
the information concerning the physical network, the 

10 information concerning the logical network and the user 
information in the form of tree-structure type directory 
data. 

[001 5] In another mode for realizing the network man- 
agement system according to the general aspect of the 

is invention, it is preferred to provide a display means 
which is capable of disposing the physical network infor- 
mation, the logical network information and the user 
information on different planes, respectively, for display- 
ing the information on all the planes three-dimensionally 

20 within a single frame. 

[0016] In a further mode for realizing the network 
management system according to the general aspect of 
the invention, it is preferred to provide an identification 
means for identifying discriminatively the entities of indi- 

25 vidual equipment on the network as well as interconnec- 
tion relations thereof by using physical addresses 
allocated inherently to network ports, respectively. 
[0017] By virtue of the arrangements described 
above, it is possible to search (or retrieve) and alter the 

30 information concerning the interconnection relations 
among the physical network equipment, the information 
concerning the logical virtual network configuration and 
the user information in a consolidated manner by using 
as keys the physical addresses allocated to the physical 

35 network equipment, respectively. 

[001 8] In conjunction with the preferred mode for car- 
rying out the invention described just above, it is pre- 
ferred to provide a search or retrieve means which is 
capable of searching or retrieving the information of the 

40 physical addresses inherent to the network ports, 
respectively, in response to queries about the logical 
addresses. 

[0019] The above and other objects, features and 
attendant advantages of the present invention will more 
45 easily be understood by reading the following descrip- 
tion of the preferred embodiments thereof taken, only by 
way of example, in conjunction with the accompanying 
drawings. 



[0020] In the course of the description which follows, 
reference is made to the drawings, in which: 

55 Fig. 1 is a view for illustrating in general an arrange- 
ment of a network management system according 
to an embodiment of the present invention; 
Fig. 2 is a block diagram showing schematically and 
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generally a structure of a computer serving as a 
management console which can be employed in 
the network management system according to the 
invention; 

Fig. 3 is a block diagram showing schematically and 
generally a structure of a computer serving as a 
supervising manager which can be employed in the 
network management system according to the 
invention; 

Fig. 4 is a block diagram showing schematically and 
generally a structure of a computer serving as a 
management platform which can be employed in 
the network management system according to the 
invention; 

Fig. 5 is a view for illustrating communication chan- 
nels formed or established among individual pro- 
gram modules in the network management system 
according to the invention; 

Fig. 6 is a block diagram illustrating a structure of a 
management console program which can be 
employed in the management console computer 
according to the invention; 

Fig. 7 is a block diagram illustrating a structure of a 
supervising manager program which can be 
employed in the supervising manager computer 
according to the invention; 
Fig. 8 is a block diagram illustrating a structure of a 
management platform program which can be 
employed in the management platform computer 
according to the invention; 

Fig. 9 is a flow chart for illustrating a flow of 
processings involved in collecting information con- 
cerning network equipment up to display thereof in 
the network management system according to the 
invention; 

Fig. 1 0 is a conceptual view for illustrating storing or 
packaging of network setup information in an 
object-oriented database in the network manage- 
ment system according to the invention; 
Fig. 11 is a view for illustrating a data structure 
adopted for handling object data on a plurality of 
network structure views which are handled by the 
network management system according to the 
invention; 

Fig. 12 is a view for illustrating a structure of an 
address management table employed in an envi- 
ronment for carrying out dynamic address alloca- 
tion in the network management system according 
to the invention; 

Fig. 13 is a view for illustrating a method or proce- 
dure for handling in a consolidated manner the net- 
work setup information in the network management 
system according to the invention; 
Fig. 14 is a view for illustrating an example of dis- 
play generated on a screen of a display device of 
the management console computer in the system 
according to the invention; 
Fig. 15 is a view showing a plurality of network con- 



figuration or structure views displayed stereoscopi- 
cally and hierarchically and illustrating mutual 
relations among the directory structure views; 
Fig. 16 is a flow chart for illustrating processings 

5 involved in setting the information concerning the 

network equipment in response to a command for 
altering the network configuration or structure up to 
the display of updated network structure informa- 
tion in the network management system according 

10 to the invention; 

Fig. 17 is a flow chart for illustrating a flow of 
processings for retrieving MAC addresses inherent 
to network cards mounted on individual equipment 
by making use of dynamic structure alteration sus- 

15 ceptibility of the virtual network i n the network man- 
agement system according to the invention; and 
Fig. 18 is a view for illustrating an example of a table 
for management of objects on the network, which 
table is employed in the network management sys- 

20 tern according to the invention. 

DETAILED DESCRIPTION OF THE EMBODIMENTS 

[0021 ] The present invention will be described in detail 
25 in conjunction with what is presently considered as pre- 
ferred or typical embodiments thereof by reference to 
the drawings. 

[0022] Now, a network management system accord- 
ing to an exemplary embodiment of the present inven- 

30 tion will be described by reference to Figs. 1 to 18. 

[0023] At first, referring to Fig. 1 , description will be 
directed to a system configuration in general of the net- 
work management system according to the instant 
embodiment of the invention. 

35 [0024] Connected to a network 20 are a computer 21 
serving as a management console (hereinafter referred 
to as the management console computer), a computer 
22 serving as a supervising manager (hereinafter 
referred to as the supervising manager computer), a 

40 server computer 23 serving as a management platform 
(hereinafter referred to as the management platform 
computer) for providing equipment managing environ- 
ment such as typified by SNMP (Simple Network Man- 
agement Protocol), a computer 24 for directory services 

45 (hereinafter referred to as the directory server compu- 
ter) and management-subjected equipment 25 which is 
subject to management. 

[0025] As management console programs 210 which 
run on the management console computer 21, there 

so can be mentioned such program modules as a display 
processing module 21 1 , an input/output control module 
212, a web browser module 213 and a communication 
control processing module 214. The display processing 
module 21 1 serves for realizing the function of display- 

55 ing network implementation statuses to a network man- 
ager. The input/output control module 212 serves for 
realizing the function of allowing the network manager 
to input commands. The web browser module 213 
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serves for providing a standard environment for the 
management console. The communication control 
processing module 214 serves for the function for ena- 
bling dynamic information exchange between the man- 
agement console computer 21 and the supervising 
manager computer. 22. Incidentally, security function, 
such as encrypted communication facility may be incor- 
porated in the communication control processing mod- 
ule 214. Concerning the hardware structure of the 
management console computer 21, description will be 
made later on by reference to Fig. 2. 
[0026] The display processing module 211, the 
input/output control module 212 and the communication 
control processing module 214 running on the manage- 
ment console computer 21 can be down-loaded from 
the supervising manager computer 22 as the program 
modules designed to run on the web browser module 
213 of the management console computer 21 by mak- 
ing use of the function of the web browser module 213. 
In that case, the module required to be loaded in the 
management console computer 21 at the least may be 
only the web browser module 213. 
[0027] At this juncture, it should be mentioned that by 
preparing the functions of the display processing mod- 
ule 21 1, etc., destined to run on the management con- 
sole computer 21 by using a language which is not 
specific to any particular platform (i.e., language com- 
mon to or universal to the platforms) such as worldwide 
standard language VRML (Virtual Reality Modeling 
Language), Java and the like, the display processing 
module 21 1 and others can be so implemented as to 
run on the web browser module 213 of given type 
through combination with HTML (Hyper Text Markup 
Language) or the like. Thus, the display processing 
module 211 and others can be so prepared as to run on 
the computers of large variety so long as the WWW 
(Worldwide Web) can be utilized. Furthermore, as the 
communication control processing module 214 capable 
of running on the management console computer 21, 
module conforming to other publicly known standards 
such as FTP (File Transfer Protocol) can be loaded or 
packaged. 

[0028] As the supervising manager program 220 des- 
tined to run on the supervising manager computer 22, 
there can be mentioned such program modules as a 
communication control processing module 222, a web 
server module 223, a database control module 224, a 
directory service control module 225, an equipment 
control procedure generating module 226, an equip- 
ment control communication processing module 227 
and an equipment discriminating or identifying function 
module 228. Further provided is an equipment setup 
information database (DB) 221 which is managed by 
the supervising manager computer 22. 
[0029] The communication control processing module 
222 is so designed as to allow dynamic information 
exchange with the management console computer 21. 
The web server module 223 serves for presenting static 



information display service to the management console 
computer in cooperation with the web browser module 
213. The database control module 224 is designed for 
storing equipment setup data required for management 

5 in the equipment setup information database (DB) 221. 
The directory service control module 225 is so designed 
as to realize retrieval or search function for equipment 
management data, network user information, etc., by 
taking into account the structure of equipment and/or 

10 hierarchical structure of enterprise organization. The 
equipment control procedure generating module 226 
serves for developing a setup altering procedure for the 
network equipment to an equipment setting sequence 
by making use of the equipment setup information data- 

is base 221. The equipment control communication 
processing module 227 serves to send the equipment 
setting sequence information to the management plat- 
form computer 23. The equipment identifying function 
module 228 is designed to identify discriminatively net- 

20 work equipment. Incidentally, concerning the hardware 
structure of the supervising manager computer 22, 
description will be made later on by referring to Fig. 3. 
[0030] As the management platform programs 230 
which are destined to run on the management platform 

25 computer 23, there are provided an equipment control 
procedure execution module 231 and an SNMP (Simple 
Network Management Protocol) manager module 232. 
The equipment control procedure execution module 231 
is so programmed as to control the execution of the 

30 equipment setting sequence sent from the supervising 
manager computer 22. On the other hand, the SNMP 
manager module 232 sends the information for man- 
agement to the equipment to be set up (hereinafter 
referred to as the setup-destined equipment) in accord- 

35 ance with the SNM protocol. 

[0031 ] In this conjunction, it should be mentioned that 
in the case where other equipment setup protocol than 
the SNMP is required, a corresponding manager 
designed for sending equipment setup information by 

40 using a relevant protocol may be disposed similarly to 
the SNMP manager module 232 to thereby support the 
relevant protocol. Incidentally, hardware structure of the 
management platform computer 23 will be described 
later on by reference to Fig. 4. 

45 [0032] As the directory service programs 240 which 
run on the directory server computer 24, there can be 
mentioned such server program modules as typified by 
a directory server module 242 and a communication 
control module 243. A directory database (DB) 241 is 

so managed by the directory server computer 24. The 
directory server module 242 is in charge of controlling 
the directory database 241 . The communication control 
module 243 is designed to control the communication 
with the supervising manager computer 22. 

55 [0033] Furthermore, as a management-subjected 
equipment control program 250 designed to run on the 
management-subjected equipment 25, there can be 
mentioned equipment control program modules such as 
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an equipment control module 251 , a management infor- 
mation base 252 and an SNMP (Simple Network Man- 
agement Protocol) agent module 253. 
[0034] The equipment control module 251 is pro- 
grammed to realize the functions of the equipment itself. 
The management information base 252 is standardized 
for realizing the network management function through 
the medium of SNMP or the like. The SNMP agent mod- 
ule 253 performs send/receive processings involved in 
transferring information stored in the management infor- 
mation base 252 with the SNMP manager module 232. 
[0035] Next, referring to Fig. 2, description will turn to 
the structure of the management console computer 21. 
[0036] The management console computer 21 is real- 
ized in a structure similar to that of the conventional 
computer and is comprised of a main unit 31, a porta- 
ble-type disk drive 32 such as a floppy disk drive or the 
like, a stationary disk storage 33, an input device 35 
such as a keyboard and/or a mouse, and an output 
device 36 such as a display device. The main unit 31 in 
turn is comprised of a disk controller 31 1, a main stor- 
age 312, a central processing unit (or central arithmetic 
unit) 313, a communication input/output interface con- 
troller 314, a keyboard/mouse controller 315 and a 
video board controller 316. 

[0037] The management console computer 21 
responds to the input/output from/to the network 20 to 
thereby fetch the management console program 210 
including the program modules 211, 212, 213 and 214 
for the management console to store them in the main 
storage 312. When the stationary disk drive 33 is pro- 
vided, it is utilized for the input/ output of temporarily 
saved information 331 such as cache data, etc. In this 
conjunction, it should be mentioned that the manage- 
ment console program 21 0, the program modules 21 1 , 
212 and 214 except for the web browser module 213 
can be delivered from the network 20, and thus the sta- 
tionary disk storage 33 illustrated as being provided for 
the management console computer 21 is not always the 
indispensable component for the network management 
system according to the present invention. 
[0038] Next, referring to Fig. 3, description will be 
made of the structure or configuration of the supervising 
manager computer 22. 

[0039] The supervising manager computer 22 is also 
realized in a structure similar to that of the conventional 
computer and comprised of a main unit 41 , a portable- 
type disk drive 42 such as a floppy disk drive, a fixed or 
stationary disk drive 43, an input device 45 such as a 
keyboard and/or a mouse, and an output device 46 such 
as a display device. The stationary disk drive 43 stores 
therein the equipment setup information database 221 , 
a temporarily saved information 431 such as cached 
data and a program file 432. The main unit 41 in turn is 
comprised of a disk controller 41 1 , a main storage 412, 
a central processing unit (central arithmetic unit) 413, a 
communication input/output interface controller 414, a 
keyboard/mouse controller 415 and a video-board con- 



troller 416. 

[0040] In the supervising manager computer 22, a 
group of the program modules for the supervising man- 
ager computer and a group of the program modules for 

5 the management console computer are held in the sta- 
tionary disk drive 43 in the form of program files 432. 
The group of the program modules for the supervising 
manager computer 22 are executed on the main stor- 
age 412 of the supervising manager computer 22. In 

10 response to an activation request issued from the man- 
agement console computer 21, the supervising man- 
ager computer 22 sends a group of the program 
modules 21 for the management console computer to 
the latter through the medium of the communication 

15 input/output interface controller 414. Further, 
send/receive requests issued on a real time basis are 
processed in response to user's operation or manipula- 
tion tor the supervising manager computer 22. 
[0041 ] Further, the supervising manager computer 22 

20 performs communication with the management platform 
computer 23 for acquisition and supply of the network 
equipment setup information. This communication is 
also performed through the medium of the communica- 
tion input/output interface controller 414 by way of the 

25 network 20 similarly to the communication with the man- 
agement console computer 21 . Incidentally, the super- 
vising manager computer 22 and the management 
platform computer 23 need not always be provided 
independently. The functions of these computers 22 

30 and 23 may be realized by using one and the same 
computer hardware. In that case, the data transfer men- 
tioned above can be realized through a data bus pro- 
vided internally of the computer mentioned just above 
without need for intervention of the network. 

35 [0042] Next, referring to Fig. 4, description will be 
made of the structure of the management platform com- 
puter 23. 

[0043] The management platform computer 23 is also 
realized in a structure of the conventional computer and 

40 comprised of a main unit 51 . a portable-type disk drive 
52 such as a floppy disk drive, a fixed or stationary disk 
drive 53, an input device 55 such as a keyboard and/or 
a mouse, and an output device 56 such as a display 
device. The stationary disk drive 53 stores therein a 

45 temporarily saved information 531 such as cached data 
and a program file 532. On the other hand, the main unit 
51 is comprised of a disk controller 51 1 , a main storage 
512, a central processing unit 513, a communication 
input/output interface controller 514, a keyboard/mouse 

so controller 515 and a video-board controller 516. 

[0044] Now, referring to Fig. 5, description will be 
made of communication channels formed for the com- 
munications performed among the individual program 
modules of the management console program 210, the 

55 supervising manager program 220, the management 
platform program 230, the directory service program 
240 and the management-subjected equipment control 
program 250 illustrated in Fig. 1. 
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[0045] The communication channel established or 
secured between the management console program 
210 and the supervising manager program 220 includes 
a communication channel secured between the web 
server module 223 and the web browser module 213 for 
transmission of programs, and a communication chan- 
nel established between the communication control 
processing modules 214 and 222 in response to a data 
send/receive request issued on a real time basis upon 
activation of the program. As the protocol for these com- 
munications, a conventional communication protocol 
such as "HTTP (Hyper Text Transfer Protocol)" or 
"Socket" can be used. 

[0046] Further secured or established between the 
supervising manager program 220 and the directory 
service program 240, more specifically, between the 
directory service control module 225 and the communi- 
cation control module 243 is a communication channel 
for enabling search and update processing for the direc- 
tory database 241 . In that case, as the communication 
protocol to this end, there may be employed a standard 
protocol such as DAP (Directory Access Protocol) or 
LDAP (Lightweight Directory Access Protocol). 
[0047] Furthermore, for allowing the supervising man- 
ager program 220 to acquire information from the net- 
work equipment and execute setup operation, another 
communication channel is established between the 
supervising manager program 220 and the manage- 
ment platform program 230, more specifically, between 
the equipment control procedure generating module 
226 and the equipment control procedure execution 
module 231 . As the communication protocol to this end, 
there can be employed a transfer protocol such as "ftb" 
and a data exchange protocol such as a data stream 
processing communication protocol. Besides, in the 
case where the management platform program 230 and 
the supervising manager program 220 are designed to 
run on the same computer hardware, an inter-process 
communication mechanism such as a pipe can be 
employed alternatively as the communication channel. 
[0048] Additionally, communication channels are 
secured between the SNMP manager module 232 of 
the management platform program 230 and individual 
SNMP agents 253 of management-subjected equip- 
ment control programs 250a, 250b and 250n, 

respectively. 

[0049] Next, referring to Fig. 6, description will be 
made in detail of a structure of the management con- 
sole program 210. Parenthetically, in this figure, refer- 
ence numerals same or components as those used in 
Fig. 1 designate, respectively, like parts as those shown 
in Fig. 1. 

[0050] The management console program 21 0 is con- 
stituted by the display processing module 211, the 
input/output control module 212, the web browser mod- 
ule 213 and the communication control processing 
module 214, as shown in Fig. 1. The management con- 
sole program 210 can be functionally classified globally 



into three types of application modules in dependence 
on the contents to be displayed on the output device 36 
(Fig. 2) which serves as a user interface tor the man- 
agement console computer 21 . They are a menu mod- 

5 ule 2101 , a two-dimensional tree view module 2102 and 
a three-dimensional tree view module 2103. 
[0051] As the component modules for realizing the 
display processing module 211, there can be mentioned 
a menu control processing module 2111 which is imple- 

10 mented with a web-destined script language such as 
HTML (Hyper Text Markup Language). Java Script or 
the like, a two-dimensional tree control processing mod- 
ule 2112 implemented with a web-destined program 
language and a three-dimensional view control 

15 processing module 21 13 implemented with a script lan- 
guage for the three-dimensional display such as VRML 
(Virtual Reality Modeling Language) or the like. 
[0052] As the component modules for realizing the 
input/output control module 212, there can be men- 

20 tioned an input control module 2121 for controlling 
inputs from the menu as displayed, a two-dimensional 
database control module 2122 for requesting the super- 
vising manager for input/output of data for the two- 
dimensional display, a two-dimensional/three-dimen- 

25 sional communication processing module 2123 for per- 
forming communication control for interlocking 
operations of the two-dimensional display and the three- 
dimensional display, a three-dimensional database con- 
trol module 2124 for requesting the supervisory man- 

30 ager for input/output of data for the three-dimensional 
display, and an action library module 2125 for altering 
contents of the three-dimensional display in accordance 
with the commands inputted by the user. 
[0053] As the constituent modules required for the 

35 web browser module 213, there can be mentioned a vir- 
tual machine module 2131 for executing a web-destined 
program on the web browser and a VRML (Virtual Real- 
ity Modeling Language) plug-in module 2132 designed 
for executing actual display processing by processing 

40 the script language for the three-dimensional display. 
[0054] Furthermore, as the constituent modules for 
realizing the communication control processing module 
214, there can be mentioned an equipment setting mod- 
ule 2141 for enabling to manipulate directly the function 

45 of the management platform from the menu, a two- 
dimensional database (DB) access module 2142 for 
actually transferring to the supervisory manager a 
request issued by the two-dimensional database control 
module 2122 to thereby acquire the result thereof, and 

so a three-dimensional database access module 2143 for 
actually transferring to the supervisory manager a 
request issued by the three-dimensional database con- 
trol module 2124 to thereby acquire the result thereof. 
[0055] Next, referring to Fig. 7, description will be 

55 made in detail of a structure of the supervising manager 
program 220. In the figure, like reference numerals as 
those used in Fig. 1 denote components like as or 
equivalent to those shown in Fig. 1 . 
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[0056] The supervising manager program 220 is con- 
stituted by such program modules as the communica- 
tion control processing module 222, the web server 
module 223. the database control module 224, the 
directory service control module 225, the equipment 5 
control procedure generating module 226. the equip- 
ment control communication processing module 227 
and the equipment identifying function module 228, as 
described hereinbefore by reference to Fig. 1. The 
equipment control procedure generating module 226 in 10 
turn is comprised of an equipment control module 226a 
and an equipment setting module 226b for relaying or 
repeating to the management platform the information 
which is required for directly manipulating the manage- 
ment platform computer 23 from the management con- 15 
sole computer 21 . 

[0057] As the constituent or component modules for 
implementing the equipment communication control 
processing module 222, there are provided for perform- 
ing communication processing with the display process- 20 
ing module 211 of the management console computer 
21 a two-dimensional database interface module 2221 
for receiving commands inputted from the two-dimen- 
sional database access module 2142 shown in Fig. 6, a 
three-dimensional database interface module 2222 for 25 
receiving commands inputted from the three-dimen- 
sional database access module 2143. a data conver- 
sion module 2223 for converting various types of 
information supplied from the equipment setup informa- 
tion database 221 and the directory service program 30 
240 into a format suited for data interfacing with the 
management console program 210. and a database 
access control module 2224 for performing a process- 
ing of distributing the various database access requests 
to the pertinent database control modules for the equip- 35 
ment setup information database 221, the directory 
database 241 and the like. 

[0058] As the component module for implementing the 
equipment setup information database 221, there is 
required a database function such as an SQL (Struc- 40 
tured Query Language) server 221 1 or the like. 
[0059] Similarly, for realizing the database control 
module 224, there are required a database function 
such as a view information control module 2241 stored 
as the data common to the two-dimensional display and 45 
the three-dimensional display an attribute information 
control module 2242 for controlling the detail attribute 
information of the management-subjected equipment, 
and an SQL (Structured Query Language) server 2243 
designed for database control. so 
[0060] As the component modules for implementing 
the directory service control moctile 225, there are 
required a directory service control interface module 
2251 such as LDAP (Lightweight Directory Access Pro- 
tocol), API (Application Program Interface) or the like for ss 
issuing a request for data search/update or the like to 
the directory service. 

[0061] Further, as another component module for 



implementing the equipment control procedure generat- 
ing module 226, there is required an SNMP command 
sequence generating module 2261 for generating an 
equipment control sequence in the form of a string of 
commands conforming to SNMP (Simple Network Man- 
agement Protocol) representative of the equipment con- 
trol protocol, to thereby supply the control sequence to 
the management platform computer 23. Besides, there 
may be prepared a similar command sequence gener- 
ating module for realizing or packaging the function for 
collecting information from the equipment having no 
SNMP interface and/or for the setup thereof. 
[0062] As the equipment control communication 
processing module 227, there may be mentioned a 
gateway function 2271 to the management platform. 
[0063] Next, referring to Fig. 8, description will be 
made in detail of a structure of the management plat- 
form program 230. In the figure, like reference numerals 
as those used in Fig. 1 denote components like as or 
equivalent to those shown in Fig. 1 . 
[0064] The management platform program 230 
includes the equipment control procedure execution 
module 231 and the SNMP manager module 232, as 
can be seen in Fig. 1. 

[0065] As the component modules for realizing the 
equipment control procedure execution module 231, 
there are provided a socket 2311 for receiving commu- 
nication from the supervising manager computer 22, a 
database application program interface 2312 for manip- 
ulating a local database of the management platform 
computer 23, and an SNMP application program inter- 
face 2313 for enabling manipulation of the SNMP man- 
ager 232. 

[0066] The SNMP manager 232 has be to equipped 
with an application program interface function for using 
an application program interface 2321 when the man- 
ager function is employed. Additionally, as other compo- 
nents of the SNMP manager module 232, there are 
provided a network equipment managing engine 2322, 
a device managing engine 2323, a local database 2324 
for networks object and an SNMP demon 2325 for gen- 
erating SNMP packets. 

[0067] The management-subjected equipment control 
programs 250a, 250b, ... and 250n are constituted by 
the equipment control modules 251a, 251b. ... and 
251 n, the management information bases 252a, 252b, 
... and 252n, and the SNMP agents 253a, 253b, ... and 
253n, respectively. 

[0068] Next, by referring to Fig. 9, description will be 
directed to a flow of processings involved in starting or 
activating of the network management system accord- 
ing to the instant embodiment of the invention, collect- 
ing the information concerning the individual network 
equipment and displaying the network configuration 
information in the management console computer. In 
the figure, like reference numerals as those used in Fig. 
1 denote components like as or equivalent to those 
shown in Fig. 1 . 
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[0069] Referring to Fig. 9, in the network management 
system according to the present invention, the web 
browser module 213 of the management console pro- 
gram 210 is activated in a step S61 . 
[0070] In succession, the network management sys- 5 
tern is activated in a step S62. 

[0071] In response to the activate processing of the 
web browser module 213 in the step S61 and the acti- 
vate processing of the network management system in 
the step S62, the activation processings mentioned 10 
below are executed. 

[0072] In a step S631 , the management console pro- 
gram 210 executes download processing of the menu 
page, while the supervising manager program 220 exe- 
cutes upload processing in a step S641. Then, the 15 
menu page is called through communication between 
the web server 223 of the supervising manager program 
220 and the web browser 213 of the management con- 
sole program 210. 

[0073] Subsequently, in a step S642, the supervising 20 
manager program 220 executes a processing for 
searching or retrieving the setup information of the indi- 
vidual network equipment from the equipment setup 
information database 221 . 

[0074] At that time, the supervising manager program 25 
220 decides in a step S643 whether or not the setup 
information of all the equipment has been acquired 
while confirming the existence of the equipment on the 
network. When it is decided that the setup information of 
all the equipment on the network has been acquired, the 30 
processing proceeds to a step S647. 
[0075] By contrast, when it is decided that the setup 
information of all the equipment has not been acquired 
yet, the supervising manager program 220 generates a 
sequence for acquiring the equipment setup intonation 35 
(MIB values (Management Information Base values)) in 
a step S644. 

[0076] In succession, the supervising manager pro- 
gram 220 requests the management platform program 
230 to execute the setup information acquisition 40 
processing in a step S645. 

[0077] The management platform program 230 issues 
the SNMP command to the management-subjected 
equipment control programs 250, respectively, in 
response to the request for the setup information acqui- as 
s'rtion processing issued by the supervising manager 
program 220 in a step S651 . 

[0078] Each of the management-subjected equipment 
control programs 250 executes the equipment setup 
information (MIB value) acquisition processing in so 
response to the SNMP command from the management 
platform program 230 in a step S661. The equipment 
setup information (MIB value) as acquired is then sent 
through the medium of the management platform pro- 
gram 230 to the supervising manager program 220, ss 
which receives the information through the processing 
in the step S645. 

[0079] Next, in a step S646, the supervising manager 



program 220 executes a processing for updating the 
equipment setup information database on the basis of 
the equipment setup information as received. The 
updated equipment setup information is sent back to the 
web server module 223 to be received by the manage- 
ment console program 210 through the upload process- 
ing in the step S641 and the download processing in the 
step S631. 

[0080] Furthermore, in a step S647, the supervising 
manager program 220 executes a processing for gener- 
ating three-dimensional display data. 
[0081] Hereat, referring to Fig. 10, description will be 
made of the concept of storing or packaging to network 
setup information in the object-oriented database in the 
network management system according to the instant 
embodiment of the invention. 

[0082] Individual objects appearing in a directory tree 
structure view 81 representing an organization are 
packaged or stored in the directory database 241 , while 
individual objects in a tree structure view 82 represent- 
ing a structure or configuration of the virtual network are 
packaged in the equipment setup information database 
221 , wherein correlations are established to individual 

equipment setup information 83 (831a and 831k), 

respectively, which correspond to the individual equip- 
ment and the functions thereof determined through the 
equipment control procedure execution module 231 of 
the management platform computer 23. 
[0083] In the case of the example illustrated in Fig. 1 0, 
two objects "Department #1 " and "Department #2" bear 
correspondences to two virtual segments of LAN emu- 
lations "ELAN #1" and "ELAN #2", respectively, while 
two sections "Section #1" and "Section #2" correspond 
to two virtual segments "VLAN #1" and "VLAN #2", 
respectively. At this juncture, it should be mentioned 
that in the case where the correspondence relations 
lack consistency, it is possible to indicate the corre- 
spondence relations by arrows. 

[0084] Furthermore, relations between the users and 
the individual LEC objects are defined. When the user 
occupies exclusively one LEC, the correspondence 
relation with the object is indicated by one-to-one corre- 
spondence relation. On the other hand, when a plurality 
of users use one LEC, the correspondence relation is 
indicated by a "plural-to-one" correspondence relation. 
Similarly, in the case where one user is using a plurality 
of LECs, the relation can be given by "one-to-plural" cor- 
respondence relation. 

[0085] The objects 831 a, ... and 831 k represent object 
data of the equipment displayed on the physical net- 
work, respectively, and are related to the individual 
objects on the virtual network. 

[0086] Thus, when the setup status of an obj ect on the 
virtual network is to be altered, the relevant equipment 
for which manipulation should be performed can easily 
be identified. Besides, when the department to which a 
user belongs is to be changed, it can be easily deter- 
mined how to alter or change the configuration of the 
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virtual network or for which of the equipment the altera- 
tion of the network configuration is to be performed. 
[0087] Next, referring to Fig. 11, description will be 
directed to an exemplary or typical data structure for 
handling the object data on a plurality of network struc- 
ture views handled by the network management system 
according to the instant embodiment of the invention. 
[0088] Object items 85 and object attributes 86 are 
stored as parts of the main storage 41 2 of the supervis- 
ing manager computer 22, wherein the object items 85 
represents the data of one object displayed on a given 
one of the network layers. 

[0089] An object identifier 851a is composed of an ID 
(identifier) of the network layer to which the relevant 
object belongs and an ID of the object on that network 
layer. 

[0090] Individual information such as object informa- 
tion 851b of the physical network layer, link information 
851c for the physical network layers, object information 
851d of the virtual network layer, link information 851 e 
for the virtual network layers, object information 851 f of 
the logical network layer, link information 85 1g for the 
logical network layers, object information 851 h of the 
directory layer, link information 851 i for the directory lay- 
ers, object information 851 j of added layer and link infor- 
mation 851k for the added layer are stored as pointers 
at respective relevant areas of the main storage 412 
storing actually the data of the object attribute database 
86 to be used as the association information (relation 
establishing information) for the other objects in the 
same network or objects on the other network layers. 
[0091] By way of example, in order to know in what 
fashion a given object is shown on the physical network 
layer, then the physical network layer object information 
851b may be referenced to make access to the area 
where the attribute information of that object is stored. 
Thus, the information of concern can be obtained. 
[0092] Furthermore, in order to know what kind of 
relation or association the above-mentioned object 
bears to other object on the physical network, then the 
physical network layer link information 851 c may be ref- 
erenced to make access to the area where the object 
attribute information is stored, to thereby acquire the 
information of concern. 

[0093] By adding the object association information 
such as mentioned above, information concerning serv- 
ices or the like on the other networks can also be added 
easily although not described concretely herein. 
[0094] Next, referring to Fig. 1 2, description will be 
made of a structure of an address management table 
employed in the environment in which address alloca- 
tion is performed dynamically in the network manage- 
ment system according to the instant embodiment of the 
invention. 

[0095] The address management table 50 for manag- 
ing the IP address allocation status contains a list of 
addresses 501 of the IPs which are to be managed with 
this table as the subjects for the address allocation, 



information concerning active/reserved/unoccupied sta- 
tuses of the IP addresses, as designated by reference 
numeral 502, and information concerning MAC 
addresses allocated to network ports of the machines or 
5 equipment to which the IP addresses have been allo- 
cated, as designated by reference numeral 503. The 
address management table 50 is stored in the main 
storage 412 incorporated in the supervising manager 
computer 22. 

10 [0096] The active/reserved/unoccupied statuses 502 
of the IP addresses can be indicated by the respective 
records 541a 541b, ... and 541 z. Byway ol example, the 
IP address "192.168.11.0" of the record 541a is allo- 
cated with the MAC address "00:00:00.-22:1 1 :42" at the 

15 port, indicating that the corresponding I P address is cur- 
rently in the reserved state, which in turn means that the 
relevant IP address is not currently being used. The IP 
address "192.168.11.2" is allocated with the MAC 
address "00:00:0023:11:55" and is in the active state, 

20 i.e., "used or occupied states". Needless to say, similar 
management can be performed on the other logical 
addresses than the IP addresses. 
[0097] in this manner, with the dynamic logical 
address allocation facility described above, it is possible 

25 to manage the address allocation status on a real-time 
basis. 

[0098] Now, turning back to Fig. 9, processings exe- 
cuted by the management console program 210 in suc- 
cession to the step S632 will be described. 
30 [0099] In a step S632 in Fig. 9, the management con- 
sole program 210 executes the directory information 
acquisition processing for the supervising manager pro- 
gram 220. 

[01 00] In a step S648, the supervising manager pro- 
35 gram 220 responds to a directory information acquisi- 
tion request issued by the management console 
program 21 0 to thereby issue a request for search of the 
directory database 241 . 

[0101] In a step S671, the directory service program 
40 240 makes access to the directory server module 242 in 

response to the above-mentioned search request to 

thereby acquire the directory information which is then 

transferred to the supervising manager program 220. 

[0102] On the other hand, the supervising manager 
45 program 220 transfers the received directory intonation 

to the management console program 210 through the 

processing in a step S648. 

[0103] Thus, the management console program 210 
acquires the directory intonation through the processing 

50 in the step S632. 

[01 04] At this juncture, referring to Fig. 1 3, description 
will be made of a registration method which allows the 
network setup information packaged in the object-ori- 
ented database shown in Fig. 10 to be handled on the 

55 directory database 241 in a consolidated manner. 

[01 05] As described hereinbefore by reference to Fig. 
10, the data 91, 92 and 93 hierarchized on a group 
basis are registered in the directory database 241, 
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respectively, at locations determined with reference to 
other object of a same level in each of the groups. More 
specifically, of the data 91, the user related information 
"User Info.", and the logical network structure informa- 
tion of the virtual network "Virtual Network Info." and the 5 
physical connection information of the equipment and 
the network "physical Equipment" are registered in a 
same hierarchical layer. 

[0106] The directory "User Info.", for the user-related 
information has a tree structure in which "Organization" 10 
is located at hierarchically lower layer with "Department 
#1" and "Department #2" being located hierarchically at 
lower layer than "User Info.". As to the logical network 
structure information "Virtual Network Info.", data 92 of 
tree structure is registered in "Virtual Network Info." of 15 
the data 91 , whereby such a tree structure is realized in 
which "LECS" is disposed at a hierarchically lower layer 
of "Virtual Network Info." of the data 91 with "ELAN #1" 
and "ELAN #2" being located at hierarchically lower 
layer than "LECS". Similarly, in the physical connection 20 
information "Physical Equipment", data 93 is registered 
in data 91 "Physical Equipment", wherein information 
"ATM", "LECS", "LES", etc., are located at hierarchically 
lower level than the data 91 "Physical Equipment". 
[0107] By virtue of the registration such as described 25 
above, the setup information of the individual equip- 
ment, the information of the virtual network structure or 
configuration and the user management information 
can be handled as the same type directory service data, 
and at the same time the relations or associations 30 
between the users and the equipment can easily be 
packaged in association with the individual object data 
on the directory service. 

[0108] Furthermore, owing to the availability of the 
inter-object access control list and the authentication 3s 
function, manipulation as well as method for allowing 
the user to make access to the individual equipment can 
easily be defined. In this conjunction, it should also be 
mentioned that by defining the authentication functions 
for the equipment and the virtual networks similarly to 40 
the authentication of the users, the network manage- 
ment system of significantly high reliability can be real- 
ized while assuring very high security. 
[0109] Now, referring to Fig. 14, description will be 
made of an example of display generated on a screen of 45 
a display device of the management console computer 
21 according to the invention. 

[01 1 0] The screen of the display device which serves 
as the output device 36 of the management console 
computer 21 may be composed of display areas 1901, so 
1904 and 1905, a control area or field 1903 and others. 
In the display area 1901 located at a left-hand side of 
the display screen, the data acquired or read out from 
the directory database 241 are displayed in a tree struc- 
ture. In the case of the illustrated example, the user- ss 
related information "User Info." contained in the data 91 
described hereinbefore by reference to Fig. 14 is dis- 
played in the area 1901. Incidentally, by displaying the 



menu by clicking a button 1 901 A, it is possible to display 
equally the logical network configuration information 
"Virtual Network Info." or the physical connection infor- 
mation "Physical Equipment" in place of the user- 
related information "User Info.". 
[01 1 1 ] In the display area 1 904, a three-dimensional 
display is generated. The three-dimensional display is 
composed of a user's display plane 1 040 for displaying 
the user-related information, a virtual network display 
plane 1020 for displaying the logical network configura- 
tion information and a physical network display plane 
1010 for displaying the physical connection information, 
details of which will be described later on by reference 
to Fig. 16. By generating the three-dimensional display 
in this manner, the information of the users as well as 
the network information can be displayed very effec- 
tively. In this conjunction, it should however be added 
that although the three-dimensional image is displayed 
in the case of the example illustrated in Fig. 14, the two- 
dimensional image generated through the processing in 
the step S633 shown in Fig. 9 can equally be displayed 
by changing the display method correspondingly. 
[0112] The control field 1903 is provided for allowing 
the sight line for the display area 1904 displayed three- 
dimensionally. The display area 1905 serves as a status 
display area for displaying the menu of items for manip- 
ulation and the current statuses. 
[0113] Now referring to Fig. 15, description will be 
directed to a typical method of handling inter-layer rela- 
tions in the case where a plurality of network structure 
views and a directory structure view are displayed ster- 
eoscopically in hierarchical layers in the network man- 
agement system according to the instant embodiment 
of the invention. Parenthetically, Fig. 15 shows the con- 
tents displayed in the three-dimensional display area 
1904 described above by reference to Fig. 14. 
[01 14] In the physical network display plane 1 01 0 for 
displaying the physical interconnection information, 
there is displayed an example of the physical network 
structure view showing three-dimensionally the physical 
interconnection relation of the networks handled by the 
network management system according to the instant 
embodiment of the invention. 

[01 1 5] More specifically, there are arrayed in the form 
of stereoscopic object icons on the three-dimensionally 
displayed plane 1010, an ATM (Asynchronous Transfer 
Mode) switch 1012, a router 1013 connected to the ATM 
switch 1012, a personal computer 101 1 on which LECS 
is running, personal computers 1014a and 1014b on 
which LES is running, personal computers 1015a, 
101 5f on which LEC are running, a switch 1016 and 
connection 1019 to other network, respectively. Further, 
in order to indicate mutual connections among the 
machines or equipment, lines indicating the equipment 
interconnection relations are displayed among the indi- 
vidual object icons. 

[01 1 6] Displayed on the virtual network display plane 
1020 for displaying the logical network configuration 
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information is a typical virtual network structure view 
showing three-dimensionally implementation statuses 
of virtual network segments of the network, as handled 
by the network management system according to the 
invention. 

[01 1 7] More specifically, shown on the virtual network 
display plane 1020 as the virtual network segments are 
emulated LANs 1027a and 1027b as well as VLANs 
1028a and 1028b in the form of closed areas, respec- 
tively, wherein servers and clients constituting the vir- 
tual network are shown as stereoscopical object icons, 
respectively. In more concrete, the LECS 1021 and the 
LESs 1024a and 1024b are shown as server objects of 
the LAN emulation as connected to the ATM while the 
LESs 1025a, .... 1025f and the Ethernet switch appara- 
tus 1022 are shown as the client objects, respectively. It 
can further be seen that lines are displayed for indicat- 
ing server-client relations between the server objects 
and the client objects, respectively. 
[01 18] The user display 1 040 is generated in depend- 
ence on the users and the departments or sections of 
an organization to which the users belongs. In the case 
of the example illustrated in Fig. 10, the directory data 
are displayed three-dimensionally in the form of a direc- 
tory data structure 81 . Two departments "Department 
#1 " and "Department #2" mentioned previously by refer- 
ence to Fig. 10 are shown as the closed areas, respec- 
tively. On the other hand, sections "Section #1" and 
"Section #2" are shown in the form of closed areas 
1048a and 1048b, respectively. The ranking relation 
among the individual areas and the affiliations of the 
users are indicated by subsumptive relations among the 
closed areas, respectively. Thus, the individual users 
1045a, .... 1045f are disposed within the closed areas 
indicating the departments or sections to which the 
users belong, respectively. 

[0119] Arrows 1401a; 1401b and 1402a; 1402b repre- 
sent relations or associations among the objects shown 
as the stereoscopical object icons in a plurality of net- 
work structure views. By way of example, the arrow 
1401b indicates that in the virtual network, the user 
1045a is a same entity as the LEC computer 1025a 
which belongs to the virtual segment 1027a. Further, 
the arrow 1401c indicates that in the physical network, 
the LEC computer 1 025a is a same entity as the compu- 
ter 1015a. Similarly, correspondence relations among 
the user 1045c, the computer 1025c on the virtual net- 
work and the computer 1015a on the physical network 
are indicated by the arrows 1402b and 1402c, respec- 
tively. 

[0120] Next, referring to Fig. 16, description will be 
made of a flow of processings involved in setting the 
information concerning the individual network equip- 
ment up to the generation of display of the information 
concerning an altered or updated network structure or 
configuration in response to a user's command 
demanding alteration or change of the network configu- 
ration in the network management system according to 



the invention. 

[01 21 ] In a step S71 , when user inputs a command for 
alteration or change or modification of the network con- 
figuration, processings according to the instant embodi- 

5 ment of the invention is started. 

[01 22] In a step S731 , the management console pro- 
gram 210 decides whether or not the user's command 
indicates alteration of the network configuration. Unless 
the command indicates the alteration, i.e., when the 

10 decision step S731 results in negation "NO", the 
processing proceeds to a step S733. 
[01 23] When the network configuration being set up is 
to be altered, the management console program 210 
messages or informs the supervising manager program 

15 220 of the contents of the alteration. 

[01 24] Upon reception of the message informing the 
alteration, the supervising manager program 220 
acquires the contents of alteration in a step S741 . 
[0125] In succession, the supervising manager pro- 

20 gram 220 searches the equipment setup information 
database 221 in a step S742. 

[0126] In a step S743, the supervising manager pro- 
gram 220 lists up the machines or equipment for which 
the setup status is to be altered. 
25 [01 27] Subsequently, the supervising manager pro- 
gram 220 checks validity of the contents of the alteration 
as well as the validity of the setup status updating 
processing in a step S744. 

[01 28] In a step S745, the supervising manager pro- 
30 gram 220 generates a sequence of the equipment setup 
information (MIB (Management Information Base) val- 
ues). 

[0129] In succession, in a step S746, the supervising 
manager computer 22 activates the setup processing 
35 while informing the management platform program 230 
of the setup processing. 

[01 30] In a step S751 , the management platform pro- 
gram 230 issues the SNMP command to the individual 
management-subjected equipment control programs 
40 250, respectively, in accordance with the setup process- 
ing information issued by the supervising manager pro- 
gram 220. 

[0131] In a step S761, the management-subjected 
equipment control program 250 executes the setup 

45 processing in accordance with the equipment setup 
information (MIB values) in response to the SNMP com- 
mand issued by the management platform program 
230. Upon completion of the setup processing, informa- 
tion concerning completion of the setup processing is 

so sent to the supervising manager program 220 through 
the medium of the management platform program 230 
and received by the former through the processing in a 
step S746. 

[01 32] In succession, in a step S747, the supervising 
55 manager computer 22 updates the contents of the 
equipment setup information database 221 . 
[0133] Additionally, in a step S748, the supervising 
manager program 220 issues a request to the directory 



12 



23 



EP 0 964 546 A2 



24 



service program 240 for updating the contents of the 
directory database 241 . 

[01 34] Upon reception of the content updating request 
mentioned above, the directory service program 240 
makes access to the directory server module 242 to 
update the contents of the directory database 241 in a 
step S771 . 

[0135] On the other hand, the supervising manager 
program 220 terminates the alteration or updating 
processing in a step S749. 

[0136] Upon reception of the information of comple- 
tion of the alteration processing, the management con- 
sole program decides whether or not the contents of 
display is to be updated in a step S733. When the dis- 
play is not to be updated, the processing proceeds to a 
step S736. 

[0137] By contrast, when the content of display is to 
be updated, the management console program 210 
executes the two-dimensional display program for alter- 
ing or modifying the content of display, to thereby gener- 
ate two-dim ensiona) display data on the screen of the 
output device 36 such as the display device of the man- 
agement console computer 21 in a step S734. 
[0138] In a step S735, the management console pro- 
gram 210 executes the three-dimensional display pro- 
gram to alter the content of display, for thereby 
generating the three-dimensional display data on the 
screen of the output device 36 such as the display 
screen of the management console computer 21 . 
[0139] Furthermore, in a step S736, the management 
console program 210 executes the directory display 
data generating processing for generating the directory 
display data on the screen of the output device 36 such 
as the display screen of the management console com- 
puter 21. 

[0140] Thereafter, the processing of the management 
console program 210 makes transition to a step S737 
where the user's input is waited for. 
[0141] Next, referring to Fig. 17, description will be 
made of a flow of processings for identifying the network 
equipment and searching or retrieving the MAC (Media 
Access Control) addresses intrinsic to network cards 
each mounted on the equipment by making use of the 
dynamic virtual network altering facility, for thereby 
acquiring topology information which represents the 
physical-interconnection relations of the network equip- 
ment in the network management system according to 
the invention. 

[0142] Referring to Fig. 1 7, in a step S91 0, the super- 
vising manager program 220 responds to activation of 
the VLAN topology search by activating a topology 
search system in a step S91 1 . 

[0143] In succession, the supervising manager pro- 
gram 220 executes a processing for retrieving the setup 
information of the individual network equipment 
[0144] At that time, the supervising manager program 
220 decides in a step S913 whether or not the setup 
information of alt the LANS have been acquired while 



confirming the interconnection relations of the equip- 
ment on all the LANs. When it is decided that the setup 
information of the equipment on ail the LANs have 
already been acquired, the processing proceeds to a 

5 step S9 19. 

[0145] By contrast, when it is decided that the setup 
information of the equipment on ail the LANs have not 
been acquired yet, i.e., when the interconnection rela- 
tions among the equipment have not defined yet is 

10 found, the supervising manager program 220 activates 
existing VLAN setup information acquisition processing 
for saving temporarily the information concerning the 
current virtual network configuration, whereon request 
for the acquisition processing of the setup information is 

is issued to the management platform program 230 in a 
step S914. 

[01 46] The management platform program 230 issues 
the SNMP command to the management-subjected 
equipment control programs 250, respectively, in 
20 response to the request for the setup information acqui- 
sition processing issued by the supervising manager 
program 220 in a step S931 . 

[01 47] Each of the management-subjected equipment 
control programs 250 executes the equipment setup 

25 information (MIB value) acquisition processing in 
response to the SNMP command from the management 
platform program 230 in a step S941. The equipment 
setup information (MIB value) as acquired is then sent 
through the medium of the management platform pro- 

30 gram 230 to the supervising manager program 220, 
which receives the information through the processing 
in the step S914. 

[0148] Next, in a step S915, the supervising manager 
program 220 activates the setup processing for the 

35 searching or retrieving VLAN and issues a message of 
the processing for setting the setup information for the 
management platform program 230. 
[01 49] In a step S93 1 , the management platform pro- 
gram 230 issues the SNMP command to the individual 

40 management-subjected equipment control programs 
250, respectively, in accordance with the setup process- 
ing information issued by the supervising manager pro- 
gram 220. In that case, the management platform 
program 230 alters dynamically the virtual networks 

45 managed by the equipment by performing the control for 
retrieving the individual network ports. 
[0150] In a step S942, the management-subjected 
equipment control program 250 executes the setup 
processing in accordance with the equipment setup 

so information (MIB values) in response to the SNMP com- 
mand issued by the management platform program 
230. Upon completion of the setup processing, informa- 
tion concerning completion of the setup processing is 
sent to the supervising manager program 220 through 

55 the medium of the management platform program 230. 
[01 51 ] in that case, the supervising manager program 
220 executes the MAC address information query 
processing in a step S916. In other words, the supervis- 
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ing manager program 220 can grasp the inter-equip- 
ment connection relations by retrieving the MAC 
addresses of the equipment connected to the ports, 
respectively. 

[0152] Next, in a step S917, the supervising manager 
program 220 executes a processing for restoring the 
original virtual network configuration after completion of 
a series of the processings described above. 
[0153] Furthermore, in a step S918, the supervising 
manager computer 22 updates the contents of the 
equipment setup information database 221. 
[0154] Now, description will be made of an exemplary 
object management table indicating the interconnection 
status of the network which results from the updating 
step S918 and which is stored in the equipment setup 
information database 221 . 

[01 55] The object management table 60 contains a list 
of MAC addresses 61 employed for identification of the 
objects, a list of computer names 62 used as the names 
representing the objects, respectively, a list of logical 
address allocation statuses 63 indicating the addresses 
allocated to the individual objects and a list of given sta- 
tuses 64. Each of the objects is identified by the intrinsic 
MAC address allocated to the port of the equipment and 
can be managed independent of the allocation status of 
the logical network addresses. The object management 
table 60 is generated by the supervising manager pro- 
gram 220 and stored in the equipment setup information 
database 221 of the supervising manager computer 22. 
[0156] Now, turning back to Fig. 17, the supervising 
manager program 220 makes decision as to whether or 
not the search has been completed for all the ports. 
Unless the search has been completed, the steps S914 
et seq. are executed repeatedly. When the search has 
been completed, the VLAN topology search processing 
comes to an end. 

[0157] As will now be appreciated from the foregoing 
description, according to the teachings of the present 
invention incarnated in the illustrated embodiment, the 
interconnection relation of the physical network equip- 
ment, logical structure information of the virtual net- 
works and the user information can be stored in the 
directory service data. By virtue of such arrangement, 
the setup of the virtual network can be referenced or 
supervised or altered easily at one location or place in a 
consolidated manner. 

[0158] By using the management console computer 
capable of generating the two-dimensional or three- 
dimensional cS splay, the configuration of the logical net- 
work segments based on the virtual network and the 
physical network configuration implemented through 
physical wiring of the equipment can be managed will 
very high reliability and accuracy while establishing con- 
cunently the correspondences, respectively, to the logi- 
cal network configurations as viewed from various 
upper-rank protocols. 

[0159] Additionally, the information concerning the 
physical interconnection relations among the network 



equipment, the information concerning the logical vir- 
tual network conf iguration and the user information can 
be searched and altered in a consolidated manner by 
using as the key the MAC addresses allocated to the 
5 physical network equipment even when the information 
mentioned above can not be acquired directly by resort- 
ing to the SNMP or like means. 
[0160] Besides, by making use of the database, the 
logical network segment configuration based on the vir- 
10 tual network, the physical network configuration as 
viewed from various upper-rank protocols can be man- 
aged while establishing concurrently correspondences 
thereamong by using as the keys the MAC addresses 
allocated to the physical network configuration, respec- 
ts tively. 

[01 61 ] Thus, according to the teachings of the present 
invention management of the network including the vir- 
tual networks implemented in conformance with plural 
schemes or standards can be carried out easily. 

20 

Claims 

1. A network management system for managing a 
computer network in which a media switching type 

25 infrastructure and a media sharing type infrastruc- 
ture are combined coexistently, comprising: 

a database (221) provided for network man- 
agement in which correspondences are estab- 

30 lished among information concerning physical 

interconnections (1010) of individual equip- 
ment (25) on a network (20), information con- 
cerning logical network configuration such as 
that of virtual network (1020) and information 

35 concerning users (1045) who make use of the 

network. 

2. A network management system for managing a 
computer network in which a media switching type 

40 infrastructure and a media sharing type infrastruc- 
ture are combined coexistently, comprising: 

a database (221) provided for network man- 
agement in which correspondences are estab- 

45 lished among information concerning physical 

connections (1010) of equipment on said com- 
puter network (20), information concerning log- 
ical interconnection (1020) of said computer 
network, and information concerning users 

so (1045) who make use of said computer net- 

work (20). 

3. A network management system according to claim 
1. 

55 further comprising: 

means (22; 221) for executing identification of 
equipment (25) connected to said computer 
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network (20) and physical interconnection rela- 
tion among said equipment by using physical 
addresses (53) allocated intrinsically to the net- 
work ports of said equipment, respectively. 

5 

4. A network management system according to claim 
1, 

further comprising: 

search means (22; 50) for searching physical 10 
addresses (53) intrinsic to said network ports 
on the basis of logical addresses (51) or alter- 
natively user information. 

5. A network management system according to claim is 
1. 

further comprising: 

means (221; 231; 241) for implementing said 
physical connection information, logical net- 20 
work configuration information and user- 
related information as one tree structure type 
directory data of a hierarchical structure. 

6. A network management system according to claim 2s 
1. 

further comprising: 

means (36) for displaying said physical inter- 
connection information, logical network infor- 30 
mation or user information in different areas 
(1010, 1020, 1040), respectively, in the form of 
relevant icons, 

means (1047; 1027) for displaying association 
of the information in said individual areas; 35 
means (210; 2103) for displaying the informa- 
tion in said individual areas in one frame three- 
dimensionally; and 

means for generating displays indicating 
mutual relations among said areas in which 40 
said icons are displayed individually. 

7. A network control program executable in a network 
management system including a database (221) 
provided for network management for managing a 45 
computer network in which a media switching type 
infrastructure and a media sharing type infrastruc- 
ture are combined coexistently, comprising a step 

for establishing correspondences among informa- 
tion concerning physical interconnections (1010) of so 
individual equipment (25) on a network (20), infor- 
mation concerning logical network configuration 
such as that of virtual network (1020) and informa- 
tion concerning users (1045) who make use of the 
network. 55 

8. A storage medium for a network management sys- 
tem including a database (221) provided for net- 



work management for managing a computer 
network in which a media switching type infrastruc- 
ture and a media sharing type infrastructure are 
combined coexistentiy, comprising: 

a code section for establishing correspond- 
ences among information concerning physical 
connections (1010) of equipment on said com- 
puter network (20), information concerning log- 
ical interconnection (1020) of said computer 
network, and information concerning users 
(1045) who make use of said computer net- 
work (20). 

9. A storage medium for a network management sys- 
tem according to claim 7, 

further comprising: 

a code section (22; 221) for executing identifi- 
cation of equipment (25) connected to said 
computer network (20) and physical intercon- 
nection relation among said equipment by 
using physical addresses (53) allocated intrin- 
sically to the network ports of said equipment, 
respectively. 

10. A storage medium for a network management sys- 
tem according to claim 7, 

further comprising: 

a code section (22; 50) for searching physical 
addresses (53) intrinsic to said network ports 
on the basis of logical addresses (51) or alter- 
natively user information. 

1 1 . A storage medium for a network management sys- 
tem according to claim 7, 

further comprising: 

means (221; 231; 241) for implementing said 
physical connection information, logical net- 
work configuration information and user- 
related information as one tree structure type 
directory data of a hierarchical structure. 

12. A storage medium for a network management sys- 
tem according to claim 7, 

further comprising: 

a code section (36) for displaying said physical 
interconnection information, logical network 
information or user information in different 
areas (1010, 1020, 1040), respectively, in the 
form of relevant icons, 

a code section (1047; 1027) for displaying 
association of the information in said individual 
areas; 

a code section (210; 2103) for displaying the 
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information in said individual areas in one 
frame three-dimensionally; and 
a code section for generating displays indicat- 
ing mutual relations among said areas in which 
said icons are displayed individually. 5 

13. A network control method for a network manage- 
ment system for managing a computer network 
comprising: 

10 

a step for coexistent! y combining a media 
switching type infrastructure and a media shar- 
ing type infrastructure, and 
a step for establishing correspondences 
among information concerning physical inter- is 
connections (1010) of individual equipment 
(25) on a network (20), information concerning 
logical network configuration such as that of 
virtual network (1020) and information con- 
cerning users (1045) who make use of the net- 20 
work. 

14. A network control method for a network manage- 
ment system for managing a computer network 
comprising: 25 

a step for coexistently combining a media 
switching type infrastructure and a media shar- 
ing type infrastructure, and 

a step for establishing correspondences so 
among information concerning physical con- 
nections (1010) of equipment on said computer 
network (20), information concerning logical 
interconnection (1020) of said computer net- 
work, and information concerning users (1045) 35 
who make use of said computer network (20). 

15- A network control method for a network manage- 
ment system according to claim 14, 

further comprising: 40 

a step (22; 221) for executing identification of 
equipment (25) connected to said computer 
network (20) and physical interconnection rela- 
tion among said equipment by using physical 45 
addresses (53) allocated intrinsically to the net- 
work ports of said equipment, respectively. 

1 6. A program executable in a managing computer net- 
work, comprising steps recited in claim 14. so 
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